API Reference

The Mako API is a RESTful API built with Hono. All endpoints are prefixed with /api.

Authentication

Two authentication methods:

1. Session cookies — For the web app (set automatically on login)
2. API keys — For programmatic access (prefix: revops_)

# API key authentication
Authorization: Bearer revops_YOUR_API_KEY

Create API keys in Workspace settings → API Keys. The same page surfaces your Workspace ID (the value to substitute for :wid / :workspaceId / WORKSPACE_ID below) with a copy button.

Auth Endpoints

Method	Endpoint	Description
POST	/api/auth/register	Create account (email/password)
POST	/api/auth/login	Login, returns session cookie
GET	/api/auth/me	Get current user session
POST	/api/auth/logout	End session
GET	/api/auth/google	Google OAuth redirect
GET	/api/auth/github	GitHub OAuth redirect

Workspaces

Method	Endpoint	Description
GET	/api/workspaces	List user’s workspaces
POST	/api/workspaces	Create a workspace
GET	/api/workspaces/:id	Get workspace details

Database Connections

These endpoints manage connections to user databases (PostgreSQL, MySQL, MongoDB, BigQuery, ClickHouse, Redshift, SQLite, Cloudflare D1/KV) that Mako queries on the user’s behalf. For SaaS data-source connectors (Stripe, Close, PostHog, GraphQL, REST, BigQuery sync), see SaaS Connectors.

Method	Endpoint	Description
GET	/api/workspaces/:wid/databases	List database connections
POST	/api/workspaces/:wid/databases	Add a database connection
GET	/api/workspaces/:wid/databases/:id	Get a single database connection (passwords masked)
PUT	/api/workspaces/:wid/databases/:id	Update a database connection
DELETE	/api/workspaces/:wid/databases/:id	Remove a database connection
POST	/api/workspaces/:wid/databases/test-connection	Test a candidate connection without saving
POST	/api/workspaces/:wid/databases/:id/test	Test an existing connection
POST	/api/workspaces/:wid/databases/demo	Provision the demo Chinook database (onboarding)

MongoDB Collections & Views

For MongoDB connections, collection and view management is exposed under the same workspace-scoped database routes. The legacy unauthenticated /api/database/* routes were removed in #408 — all callers must use the endpoints below.

Method	Endpoint	Description
GET	/api/workspaces/:wid/databases/:id/collections	List collections
POST	/api/workspaces/:wid/databases/:id/collections	Create a collection
GET	/api/workspaces/:wid/databases/:id/collections/:name	Get collection stats and indexes
GET	/api/workspaces/:wid/databases/:id/collections/:name/info	Get collection metadata only
DELETE	/api/workspaces/:wid/databases/:id/collections/:name	Drop a collection
GET	/api/workspaces/:wid/databases/:id/views	List views
POST	/api/workspaces/:wid/databases/:id/views	Create a view (viewOn, pipeline)
GET	/api/workspaces/:wid/databases/:id/views/:name/info	Get view metadata
DELETE	/api/workspaces/:wid/databases/:id/views/:name	Drop a view

Breaking change

The legacy /api/database/collections, /api/database/views, and related top-level routes were removed in #408. Callers must use the workspace-scoped endpoints above and authenticate with a session cookie or Bearer revops_* API key.

Query Execution

Session cookie or Authorization: Bearer revops_* API key required. Use the database connection ID from GET /api/workspaces/:wid/databases.

Method	Endpoint	Description
POST	/api/workspaces/:wid/databases/:databaseId/execute	Run a query against a specific connection (body.query)
POST	/api/workspaces/:wid/execute	Execute with query or queryDefinition; supports pagination via body.pagination
POST	/api/workspaces/:wid/execute/export	Stream results as format = arrow, parquet, ndjson, or csv
POST	/api/workspaces/:wid/execute/cancel	Cancel an in-flight query by executionId

Breaking change

The legacy unauthenticated POST /api/execute and POST /api/run/:path endpoints were removed in #401 (they allowed unauthenticated RCE). Callers must move to the workspace-scoped endpoints above and authenticate with a session cookie or Bearer revops_* API key.

Consoles

Method	Endpoint	Description
GET	/api/workspaces/:wid/consoles/list	List all consoles
GET	/api/workspaces/:wid/consoles/:id/details	Get console details + code
POST	/api/workspaces/:wid/consoles/:id/execute	Execute a saved console
PUT	/api/workspaces/:wid/consoles/:id/schedule	Create or update a saved console schedule (admin only)
DELETE	/api/workspaces/:wid/consoles/:id/schedule	Remove a saved console schedule (admin only)
POST	/api/workspaces/:wid/consoles/:id/schedule/run	Trigger a scheduled console immediately (admin only)
GET	/api/workspaces/:wid/consoles/:id/schedule/runs	List scheduled run history (admin only)
GET	/api/workspaces/:wid/scheduled-queries	List scheduled consoles in the workspace (admin only)

See Console for full API documentation with examples. Scheduled query endpoints require workspace admin access and use the same session/API-key authentication as other workspace endpoints.

Flows

Method	Endpoint	Description
POST	/api/workspaces/:wid/flows	Create/trigger a flow
GET	/api/workspaces/:wid/flows/:id	Get flow status
GET	/api/workspaces/:wid/flows/:id/sync-cdc/status	Get CDC stream status
GET	/api/workspaces/:wid/flows/:id/sync-cdc/schema-health	Compare live destination column types to the connector schema (BigQuery; detects drift)
GET	/api/workspaces/:wid/flows/:id/sync-cdc/destination-counts	Batched row counts per entity in the destination

Destination Counts Response

Returns a map of CDC entity name to destination row count. Mako batches BigQuery and PostgreSQL counts into one metadata query and may return 0 for configured entities whose destination table does not exist yet.

{
  "success": true,
  "data": {
    "contacts": 125000,
    "organizations": 8421,
    "opportunities": 0
  }
}

Schema Health Response

{
  "success": true,
  "data": {
    "hasDrift": true,
    "entities": [
      {
        "entity": "customers",
        "hasDrift": true,
        "columns": [
          { "column": "created_at", "liveType": "STRING", "expectedType": "TIMESTAMP", "status": "drift" },
          { "column": "id",         "liveType": "STRING", "expectedType": "STRING",    "status": "match" }
        ]
      }
    ]
  }
}

Accepts an optional ?entity=<name> query parameter to scope the check to a single entity. Drift is auto-corrected on the next CDC merge — see Schema Evolution.

Notification Rules

Email, webhook, and Slack notifications for terminal scheduled-query and flow runs. See Notifications for the full guide and webhook payload shape.

Method	Endpoint	Description
GET	/api/workspaces/:wid/notification-rules	List rules. Query: resourceType, resourceId.
GET	/api/workspaces/:wid/notification-rules/deliveries	List recent deliveries. Query: resourceType, resourceId, optional limit.
POST	/api/workspaces/:wid/notification-rules	Create a rule. Admin only.
PATCH	/api/workspaces/:wid/notification-rules/:ruleId	Update triggers / channel / enabled flag. Admin only.
DELETE	/api/workspaces/:wid/notification-rules/:ruleId	Delete a rule. Admin only.
POST	/api/workspaces/:wid/notification-rules/test	Send a test notification (saved rule by ruleId or ad-hoc channel).

Webhook deliveries include an X-Mako-Signature HMAC-SHA256 header. The signing secret is returned once as signingSecretOnce on create or rotation and is not retrievable later.

Chat API (AI Agent)

The Chat API enables programmatic access to Mako’s AI agent with streaming responses.

Method	Endpoint	Description
POST	/api/agent/chat	Send messages, receive streaming AI response
GET	/api/agent/models	List available AI models

Chat Request

curl -X POST https://app.mako.ai/api/agent/chat \
  -H "Authorization: Bearer revops_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [{"role": "user", "content": "Show me top 10 customers by revenue"}],
    "chatId": "optional-session-id",
    "workspaceId": "your-workspace-id",
    "model": "claude-sonnet-4-20250514"
  }'

Streaming Response

The response is a Server-Sent Events (SSE) stream:

Event Type	Description
start	Stream started, contains messageId
text-delta	Incremental text chunk from assistant
tool-input-available	Tool call with full input (e.g., SQL query)
tool-result	Tool execution result (e.g., query results)
finish	Stream complete, contains finishReason

Error Codes

Status	Description
400	Missing or invalid messages, chatId, or workspaceId
401	Unauthorized (missing or invalid API key)
403	API key not authorized for the workspace
404	Agent not found (invalid agentId)

Chat History

Method	Endpoint	Description
GET	/api/workspaces/:wid/chats	List chat sessions
POST	/api/workspaces/:wid/chats	Create a new chat
GET	/api/workspaces/:wid/chats/:id	Get chat details
PUT	/api/workspaces/:wid/chats/:id	Update chat title
DELETE	/api/workspaces/:wid/chats/:id	Delete a chat

Skills

Workspace skills — named playbooks the agent can author and load on demand. See Skills for the conceptual model.

Method	Endpoint	Description
GET	/api/workspaces/:wid/skills	List every skill in the workspace
GET	/api/workspaces/:wid/skills/:id	Get a single skill with full body
PUT	/api/workspaces/:wid/skills/:id	Edit loadWhen, body, or entities
POST	/api/workspaces/:wid/skills/:id/suppress	Toggle the suppressed flag
DELETE	/api/workspaces/:wid/skills/:id	Permanently delete a skill

All endpoints require authentication and workspace access. Agent-side CRUD is available through the save_skill, delete_skill, load_skill, and search_skills tools — see AI Agent.

Skill Response Shape

{
  "success": true,
  "skill": {
    "id": "6620...",
    "name": "mrr_walkthrough_fr",
    "loadWhen": "Building a sales report or answering questions about MRR in France",
    "body": "...",
    "entities": ["mrr", "france", "subscriptions"],
    "suppressed": false,
    "useCount": 12,
    "createdBy": "6612...",
    "createdAt": "2026-04-23T12:36:00.000Z",
    "updatedAt": "2026-04-23T12:36:00.000Z"
  }
}

Dashboards

Method	Endpoint	Description
GET	/api/workspaces/:wid/dashboards	List dashboards
POST	/api/workspaces/:wid/dashboards	Create a dashboard
GET	/api/workspaces/:wid/dashboards/:did	Get dashboard details
PUT	/api/workspaces/:wid/dashboards/:did	Update dashboard
DELETE	/api/workspaces/:wid/dashboards/:did	Delete dashboard
POST	/api/workspaces/:wid/dashboards/:did/duplicate	Duplicate a dashboard

Dashboard Folders

Method	Endpoint	Description
GET	/api/workspaces/:wid/dashboard-folders	List dashboard folders
POST	/api/workspaces/:wid/dashboard-folders	Create a folder
PUT	/api/workspaces/:wid/dashboard-folders/:fid	Update a folder
DELETE	/api/workspaces/:wid/dashboard-folders/:fid	Delete a folder

Dashboard Materialization

Method	Endpoint	Description
GET	/api/workspaces/:wid/dashboards/:did/materialization/status	Get materialization status for all data sources
POST	/api/workspaces/:wid/dashboards/:did/materialization/trigger	Trigger materialization for a data source
POST	/api/workspaces/:wid/dashboards/:did/materialization/trigger-all	Trigger materialization for all data sources
GET	/api/workspaces/:wid/dashboards/:did/materialization/stream/:dataSourceId	Stream Parquet artifact (supports range requests)

Inngest

Method	Endpoint	Description
POST	/api/inngest	Inngest webhook handler (internal)

Billing

Subscription management endpoints. All require workspace membership. When BILLING_ENABLED is false (self-hosted default), all endpoints return { "billingEnabled": false }.

Method	Endpoint	Description
GET	/api/workspaces/:wid/billing/status	Get plan, usage quota, and subscription status
POST	/api/workspaces/:wid/billing/checkout	Create a Stripe Checkout session (returns { url })
POST	/api/workspaces/:wid/billing/portal	Create a Stripe Customer Portal session (returns { url })

Billing Status Response

{
  "billingEnabled": true,
  "plan": "free",
  "subscriptionStatus": null,
  "usageQuotaUsd": 5,
  "hardLimitUsd": 5,
  "currentUsageUsd": 1.23,
  "modelTier": "free",
  "maxDatabases": 3,
  "maxMembers": 3
}

Error Codes

Status	Description
403	Not a workspace owner or admin
409	Active subscription already exists (on checkout)